[syslog-ng] "Illegal seek" with file("/proc/net/xt_recent/violators")
Valentijn Sessink
valentyn at blub.net
Fri Sep 6 17:43:04 CEST 2013
On 04-09-13 14:40, Gergely Nagy wrote:
> This has been fixed in 3.4's git tree, and will be part of 3.4.4
> release.
I tried it, but it doesn't seem to help. There's something weird about
the xt_recent.c file handling. I tried to understand it's source, but I
couldn't find out. It seems that *loff is different from file->f_pos,
and can't be simply changed with lseek().
Bottom line is, that although *loff should be 0, an lseek() will not help.
So I kindly suggest: please revert any changes that you made to
accomodate to this /proc thing - they are of no use, at this moment.
For now, xt_recent should be written with single lines only,
open()-write()-close() and repeat. Even using program("cat > ....")
doesn't work correctly; it will write the first IP address, then fail
with the second, bail out, and syslog_ng will start another cat to write
the next IP-address.
"most proc files support only one-shot writes" is what I learned from
someone at #kernelnewbies, so that's probably the final word on this.
I think the best thing is using some sort of piping program in between;
I'm not sure what I'm going to use - should any of you readers have a
good idea, please say so.
After a couple of days of trying to grasp xt_recent.c in combination
with syslog-ng file() - without avail :-( - I'm going to have a beer.
That won't help my logging, but it will help my mood! Happy friday
afternoon, dear fellow Europeans ;-) and have a nice weekend for all of you.
Best regards,
Valentijn
More information about the syslog-ng
mailing list